Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub Scan Using GHE Endpoint and Specifying --org Flag Scans Authenticated Users Repositories & Gists #893

Closed
marshalltech81 opened this issue Nov 2, 2022 · 1 comment 路 Fixed by #931
Closed

GitHub Scan Using GHE Endpoint and Specifying --org Flag Scans Authenticated Users Repositories & Gists #893

marshalltech81 opened this issue Nov 2, 2022 · 1 comment 路 Fixed by #931
Assignees
@ahrav
Labels
bug

Comments

@marshalltech81
Copy link

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

TruffleHog Version

trufflehog 3.16.2

Trace Output

Cannot provide trace output because for security would expose the environment I am running in

Expected Behavior

When performing a trufflehog github --endpoint="GHE_ENDPOINT" --org="ORG" --token="TOKEN" --only-verified, I have the expectation that trufflehog is only scanning the repos in the organization specified on the command line.

Actual Behavior

When performing a trufflehog github --endpoint="GHE_ENDPOINT" --org="ORG" --token="TOKEN" --only-verified, trufflehog appears to scan my personal repositories on GHE and it also appears to scan my gists. In scanning my gists trufflehog is getting a 404 error back from GHE indicating that the repo cannot be found despite the fact the gist does exist despite the fact I do not think there is an expectation that it be scanned.

ERRO[0072] Could not get Github repository: https://xxx.github.com/gist/30277a89cb10b56662540cffa6929f98.git  error="GET https://xxx.github.com/api/v3/repos/gist/30277a89cb10b56662540cffa6929f98: 404 Not Found []"
ERRO[0074] Could not get Github repository: https://xxx.github.com/gist/34b4a93acdcabcc428c7be02890ae24b.git  error="GET https://xxx.github.com/api/v3/repos/gist/34b4a93acdcabcc428c7be02890ae24b: 404 Not Found []"

Steps to Reproduce

trufflehog github --endpoint="GHE_ENDPOINT" --org="ORG" --token="TOKEN" --only-verified

Environment

  • OS: macOS
  • Version Montery

Additional Context

References

  • #0000
@ahrav ahrav self-assigned this Nov 19, 2022
@ahrav ahrav linked a pull request Nov 19, 2022 that will close this issue
Only scan an org and org related repos with --org flag. #931
Merged
@ahrav
Copy link
Collaborator

ahrav commented Nov 19, 2022

@marshalltech81 thanks for pointing this out, really appreciate it. 馃槃

@ahrav ahrav closed this as completed in #931 Dec 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ahrav ahrav

Labels
bug
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Only scan an org and org related repos with --org flag. trufflesecurity/trufflehog
2 participants
@ahrav @marshalltech81